Python Web Penetration Testing Cookbook (e-book)

Author: Cameron Buchanan

Publisher: Packt Publishing

Publication date: 2015-06-24

Word count: 1.012 million

Category: Imported books > Foreign-language originals > Computers/Networking

This book is for testers looking for quick access to powerful, modern tools and customizable scripts to kick-start the creation of their own Python web penetration testing toolbox.
Python Web Penetration Testing Cookbook

Table of Contents

Python Web Penetration Testing Cookbook

Credits

About the Authors

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers, and more

Why subscribe?

Free access for Packt account holders

Disclaimer

Preface

What this book covers

What you need for this book

Who this book is for

Sections

Getting ready

How to do it…

How it works…

There's more…

See also

Conventions

Reader feedback

Customer support

Downloading the example code

Errata

Piracy

Questions

1. Gathering Open Source Intelligence

Introduction

Gathering information using the Shodan API

Getting ready

How to do it…

How it works…

There's more…

Scripting a Google+ API search

Getting ready

How to do it…

How it works…

See also…

There's more…

Downloading profile pictures using the Google+ API

How to do it

How it works

Harvesting additional results from the Google+ API using pagination

How to do it

How it works

Getting screenshots of websites with QtWebKit

Getting ready

How to do it…

How it works…

There's more…

Screenshots based on a port list

Getting ready

How to do it…

How it works…

There's more…

Spidering websites

Getting ready

How to do it…

How it works…

There's more…

2. Enumeration

Introduction

Performing a ping sweep with Scapy

How to do it…

How it works…

Scanning with Scapy

How to do it…

How it works…

There's more…

Checking username validity

Getting ready

How to do it…

How it works…

There's more…

See also

Brute forcing usernames

Getting ready

How to do it…

How it works…

See also

Enumerating files

Getting ready

How to do it…

How it works…

Brute forcing passwords

Getting ready

How to do it…

How it works…

See also

Generating e-mail addresses from names

Getting ready

How to do it…

How it works…

There's more…

See also

Finding e-mail addresses from web pages

Getting ready

How to do it…

How it works…

There's more…

See also

Finding comments in source code

How to do it…

How it works…

There's more…

3. Vulnerability Identification

Introduction

Automated URL-based Directory Traversal

Getting ready

How to do it…

How it works…

There's more

Automated URL-based Cross-site scripting

How to do it…

How it works…

There's more…

Automated parameter-based Cross-site scripting

How to do it…

How it works…

There's more…

Automated fuzzing

Getting ready

How to do it…

How it works…

There's more…

See also

jQuery checking

How to do it…

How it works…

There's more…

Header-based Cross-site scripting

Getting ready

How to do it…

How it works…

See also

Shellshock checking

Getting ready

How to do it…

How it works…

4. SQL Injection

Introduction

Checking jitter

How to do it…

How it works…

There's more…

Identifying URL-based SQLi

How to do it…

How it works…

There's more…

Exploiting Boolean SQLi

How to do it…

How it works…

There's more…

Exploiting Blind SQL Injection

How to do it…

How it works…

There's more…

Encoding payloads

How to do it…

How it works…

There's more…

5. Web Header Manipulation

Introduction

Testing HTTP methods

How to do it…

How it works…

There's more…

Fingerprinting servers through HTTP headers

How to do it…

How it works…

There's more…

Testing for insecure headers

Getting ready

How to do it…

How it works…

Brute forcing login through the Authorization header

Getting ready

How to do it…

How it works…

There's more…

See also

Testing for clickjacking vulnerabilities

How to do it…

How it works…

Identifying alternative sites by spoofing user agents

How to do it…

How it works…

See also

Testing for insecure cookie flags

How to do it…

How it works…

There's more…

Session fixation through a cookie injection

Getting ready

How to do it…

How it works…

There's more…

6. Image Analysis and Manipulation

Introduction

Hiding a message using LSB steganography

Getting ready

How to do it…

How it works…

There's more…

See also

Extracting messages hidden in LSB

How to do it…

How it works…

There's more…

Hiding text in images

How to do it…

How it works…

There's more…

Extracting text from images

How to do it…

How it works…

There's more…

Enabling command and control using steganography

Getting ready

How to do it…

How it works…

7. Encryption and Encoding

Introduction

Generating an MD5 hash

Getting ready

How to do it…

How it works…

Generating an SHA 1/128/256 hash

Getting ready

How to do it…

How it works…

Implementing SHA and MD5 hashes together

Getting ready

How to do it…

How it works…

Implementing SHA in a real-world scenario

Getting ready

How to do it…

How it works…

Generating a Bcrypt hash

Getting ready

How to do it…

How it works…

Cracking an MD5 hash

Getting ready

How to do it…

How it works…

Encoding with Base64

Getting ready

How to do it…

How it works…

Encoding with ROT13

Getting ready

How to do it…

How it works…

Cracking a substitution cipher

Getting ready

How to do it…

How it works…

Cracking the Atbash cipher

Getting ready

How to do it…

How it works…

Attacking one-time pad reuse

Getting ready

How to do it…

How it works…

Predicting a linear congruential generator

Getting ready

How to do it…

How it works…

Identifying hashes

Getting ready

How to do it…

How it works…

8. Payloads and Shells

Introduction

Extracting data through HTTP requests

Getting Ready

How to do it…

How it works…

Creating an HTTP C2

Getting Started

How to do it…

How it works…

Creating an FTP C2

Getting Started

How to do it…

How it works…

Creating a Twitter C2

Getting Started

How to do it…

How it works…

Creating a simple Netcat shell

How to do it…

How it works…

9. Reporting

Introduction

Converting Nmap XML to CSV

Getting ready

How to do it…

How it works…

Extracting links from a URL to Maltego

How to do it…

How it works…

There’s more…

Extracting e-mails to Maltego

How to do it…

How it works…

Parsing Sslscan into CSV

How to do it…

How it works…

Generating graphs using plot.ly

Getting ready

How to do it…

How it works…

Index
